Botan 3.0.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Member Functions | List of all members
Botan::XMSS_Parameters Class Reference

#include <xmss_parameters.h>

Public Types

enum  xmss_algorithm_t {
  XMSS_SHA2_10_256 = 0x00000001 , XMSS_SHA2_16_256 = 0x00000002 , XMSS_SHA2_20_256 = 0x00000003 , XMSS_SHA2_10_512 = 0x00000004 ,
  XMSS_SHA2_16_512 = 0x00000005 , XMSS_SHA2_20_512 = 0x00000006 , XMSS_SHAKE_10_256 = 0x00000007 , XMSS_SHAKE_16_256 = 0x00000008 ,
  XMSS_SHAKE_20_256 = 0x00000009 , XMSS_SHAKE_10_512 = 0x0000000a , XMSS_SHAKE_16_512 = 0x0000000b , XMSS_SHAKE_20_512 = 0x0000000c ,
  XMSS_SHA2_10_192 = 0x0000000d , XMSS_SHA2_16_192 = 0x0000000e , XMSS_SHA2_20_192 = 0x0000000f , XMSS_SHAKE256_10_256 = 0x00000010 ,
  XMSS_SHAKE256_16_256 = 0x00000011 , XMSS_SHAKE256_20_256 = 0x00000012 , XMSS_SHAKE256_10_192 = 0x00000013 , XMSS_SHAKE256_16_192 = 0x00000014 ,
  XMSS_SHAKE256_20_192 = 0x00000015
}
 

Public Member Functions

size_t element_size () const
 
size_t estimated_strength () const
 
const std::string hash_function_name () const
 
size_t hash_id_size () const
 
size_t len () const
 
const std::string name () const
 
xmss_algorithm_t oid () const
 
bool operator== (const XMSS_Parameters &p) const
 
XMSS_WOTS_Parameters::ots_algorithm_t ots_oid () const
 
size_t raw_legacy_private_key_size () const
 
size_t raw_private_key_size () const
 
size_t raw_public_key_size () const
 
size_t total_number_of_signatures () const
 
size_t tree_height () const
 
size_t wots_parameter () const
 
 XMSS_Parameters (std::string_view algo_name)
 
 XMSS_Parameters (xmss_algorithm_t oid)
 

Static Public Member Functions

static xmss_algorithm_t xmss_id_from_string (std::string_view algo_name)
 

Detailed Description

Descibes a signature method for XMSS, as defined in: [1] XMSS: Extended Hash-Based Signatures, Request for Comments: 8391 Release: May 2018. https://datatracker.ietf.org/doc/rfc8391/ [2] Recommendation for Stateful Hash-Based Signature Schemes NIST Special Publication 800-208 Release: October 2020. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-208.pdf

Definition at line 137 of file xmss_parameters.h.

Member Enumeration Documentation

◆ xmss_algorithm_t

Enumerator
XMSS_SHA2_10_256 
XMSS_SHA2_16_256 
XMSS_SHA2_20_256 
XMSS_SHA2_10_512 
XMSS_SHA2_16_512 
XMSS_SHA2_20_512 
XMSS_SHAKE_10_256 
XMSS_SHAKE_16_256 
XMSS_SHAKE_20_256 
XMSS_SHAKE_10_512 
XMSS_SHAKE_16_512 
XMSS_SHAKE_20_512 
XMSS_SHA2_10_192 
XMSS_SHA2_16_192 
XMSS_SHA2_20_192 
XMSS_SHAKE256_10_256 
XMSS_SHAKE256_16_256 
XMSS_SHAKE256_20_256 
XMSS_SHAKE256_10_192 
XMSS_SHAKE256_16_192 
XMSS_SHAKE256_20_192 

Definition at line 140 of file xmss_parameters.h.

141 {
142 // from RFC 8391
143 XMSS_SHA2_10_256 = 0x00000001,
144 XMSS_SHA2_16_256 = 0x00000002,
145 XMSS_SHA2_20_256 = 0x00000003,
146
147 // from RFC 8391 but not approved by NIST SP.800-208
148 // (see footnote on page 16)
149 XMSS_SHA2_10_512 = 0x00000004,
150 XMSS_SHA2_16_512 = 0x00000005,
151 XMSS_SHA2_20_512 = 0x00000006,
152 XMSS_SHAKE_10_256 = 0x00000007,
153 XMSS_SHAKE_16_256 = 0x00000008,
154 XMSS_SHAKE_20_256 = 0x00000009,
155 XMSS_SHAKE_10_512 = 0x0000000a,
156 XMSS_SHAKE_16_512 = 0x0000000b,
157 XMSS_SHAKE_20_512 = 0x0000000c,
158
159 // from NIST SP.800-208
160 XMSS_SHA2_10_192 = 0x0000000d,
161 XMSS_SHA2_16_192 = 0x0000000e,
162 XMSS_SHA2_20_192 = 0x0000000f,
163 XMSS_SHAKE256_10_256 = 0x00000010,
164 XMSS_SHAKE256_16_256 = 0x00000011,
165 XMSS_SHAKE256_20_256 = 0x00000012,
166 XMSS_SHAKE256_10_192 = 0x00000013,
167 XMSS_SHAKE256_16_192 = 0x00000014,
168 XMSS_SHAKE256_20_192 = 0x00000015,
169 };

Constructor & Destructor Documentation

◆ XMSS_Parameters() [1/2]

Botan::XMSS_Parameters::XMSS_Parameters ( std::string_view  algo_name)
explicit

Definition at line 68 of file xmss_parameters.cpp.

70 {
71 }
static xmss_algorithm_t xmss_id_from_string(std::string_view algo_name)
XMSS_Parameters(std::string_view algo_name)

◆ XMSS_Parameters() [2/2]

Botan::XMSS_Parameters::XMSS_Parameters ( xmss_algorithm_t  oid)
explicit

Definition at line 73 of file xmss_parameters.cpp.

74 : m_oid(oid)
75 {
76 switch(oid)
77 {
79 m_element_size = 32;
80 m_hash_id_size = 32;
81 m_w = 16;
82 m_len = 67;
83 m_tree_height = 10;
84 m_name = "XMSS-SHA2_10_256";
85 m_hash_name = "SHA-256";
86 m_strength = 256;
88 break;
90 m_element_size = 32;
91 m_hash_id_size = 32;
92 m_w = 16;
93 m_len = 67;
94 m_tree_height = 16;
95 m_name = "XMSS-SHA2_16_256";
96 m_hash_name = "SHA-256";
97 m_strength = 256;
99 break;
100 case XMSS_SHA2_20_256:
101 m_element_size = 32;
102 m_hash_id_size = 32;
103 m_w = 16;
104 m_len = 67;
105 m_tree_height = 20;
106 m_name = "XMSS-SHA2_20_256";
107 m_hash_name = "SHA-256";
108 m_strength = 256;
110 break;
111 case XMSS_SHA2_10_512:
112 m_element_size = 64;
113 m_hash_id_size = 64;
114 m_w = 16;
115 m_len = 131;
116 m_tree_height = 10;
117 m_name = "XMSS-SHA2_10_512";
118 m_hash_name = "SHA-512";
119 m_strength = 512;
121 break;
122 case XMSS_SHA2_16_512:
123 m_element_size = 64;
124 m_hash_id_size = 64;
125 m_w = 16;
126 m_len = 131;
127 m_tree_height = 16;
128 m_name = "XMSS-SHA2_16_512";
129 m_hash_name = "SHA-512";
130 m_strength = 512;
132 break;
133 case XMSS_SHA2_20_512:
134 m_element_size = 64;
135 m_hash_id_size = 64;
136 m_w = 16;
137 m_len = 131;
138 m_tree_height = 20;
139 m_name = "XMSS-SHA2_20_512";
140 m_hash_name = "SHA-512";
141 m_strength = 512;
143 break;
145 m_element_size = 32;
146 m_hash_id_size = 32;
147 m_w = 16;
148 m_len = 67;
149 m_tree_height = 10;
150 m_name = "XMSS-SHAKE_10_256";
151 m_hash_name = "SHAKE-128(256)";
152 m_strength = 256;
154 break;
156 m_element_size = 32;
157 m_hash_id_size = 32;
158 m_w = 16;
159 m_len = 67;
160 m_tree_height = 16;
161 m_name = "XMSS-SHAKE_16_256";
162 m_hash_name = "SHAKE-128(256)";
163 m_strength = 256;
165 break;
167 m_element_size = 32;
168 m_hash_id_size = 32;
169 m_w = 16;
170 m_len = 67;
171 m_tree_height = 20;
172 m_name = "XMSS-SHAKE_20_256";
173 m_hash_name = "SHAKE-128(256)";
174 m_strength = 256;
176 break;
178 m_element_size = 64;
179 m_hash_id_size = 64;
180 m_w = 16;
181 m_len = 131;
182 m_tree_height = 10;
183 m_name = "XMSS-SHAKE_10_512";
184 m_hash_name = "SHAKE-256(512)";
185 m_strength = 512;
187 break;
189 m_element_size = 64;
190 m_hash_id_size = 64;
191 m_w = 16;
192 m_len = 131;
193 m_tree_height = 16;
194 m_name = "XMSS-SHAKE_16_512";
195 m_hash_name = "SHAKE-256(512)";
196 m_strength = 512;
198 break;
200 m_element_size = 64;
201 m_hash_id_size = 64;
202 m_w = 16;
203 m_len = 131;
204 m_tree_height = 20;
205 m_name = "XMSS-SHAKE_20_512";
206 m_hash_name = "SHAKE-256(512)";
207 m_strength = 512;
209 break;
210 case XMSS_SHA2_10_192:
211 m_element_size = 24;
212 m_hash_id_size = 4;
213 m_w = 16;
214 m_len = 51;
215 m_tree_height = 10;
216 m_name = "XMSS-SHA2_10_192";
217 m_hash_name = "Truncated(SHA-256,192)";
218 m_strength = 192;
220 break;
221 case XMSS_SHA2_16_192:
222 m_element_size = 24;
223 m_hash_id_size = 4;
224 m_w = 16;
225 m_len = 51;
226 m_tree_height = 16;
227 m_name = "XMSS-SHA2_16_192";
228 m_hash_name = "Truncated(SHA-256,192)";
229 m_strength = 192;
231 break;
232 case XMSS_SHA2_20_192:
233 m_element_size = 24;
234 m_hash_id_size = 4;
235 m_w = 16;
236 m_len = 51;
237 m_tree_height = 20;
238 m_name = "XMSS-SHA2_20_192";
239 m_hash_name = "Truncated(SHA-256,192)";
240 m_strength = 192;
242 break;
244 m_element_size = 32;
245 m_hash_id_size = 32;
246 m_w = 16;
247 m_len = 67;
248 m_tree_height = 10;
249 m_name = "XMSS-SHAKE256_10_256";
250 m_hash_name = "SHAKE-256(256)";
251 m_strength = 256;
253 break;
255 m_element_size = 32;
256 m_hash_id_size = 32;
257 m_w = 16;
258 m_len = 67;
259 m_tree_height = 16;
260 m_name = "XMSS-SHAKE256_16_256";
261 m_hash_name = "SHAKE-256(256)";
262 m_strength = 256;
264 break;
266 m_element_size = 32;
267 m_hash_id_size = 32;
268 m_w = 16;
269 m_len = 67;
270 m_tree_height = 20;
271 m_name = "XMSS-SHAKE256_20_256";
272 m_hash_name = "SHAKE-256(256)";
273 m_strength = 256;
275 break;
277 m_element_size = 24;
278 m_hash_id_size = 4;
279 m_w = 16;
280 m_len = 51;
281 m_tree_height = 10;
282 m_name = "XMSS-SHAKE256_10_192";
283 m_hash_name = "SHAKE-256(192)";
284 m_strength = 192;
286 break;
288 m_element_size = 24;
289 m_hash_id_size = 4;
290 m_w = 16;
291 m_len = 51;
292 m_tree_height = 16;
293 m_name = "XMSS-SHAKE256_16_192";
294 m_hash_name = "SHAKE-256(192)";
295 m_strength = 192;
297 break;
299 m_element_size = 24;
300 m_hash_id_size = 4;
301 m_w = 16;
302 m_len = 51;
303 m_tree_height = 20;
304 m_name = "XMSS-SHAKE256_20_192";
305 m_hash_name = "SHAKE-256(192)";
306 m_strength = 192;
308 break;
309
310 default:
311 throw Not_Implemented("Algorithm id does not match any known XMSS algorithm id:" + std::to_string(oid));
312 }
313 }
xmss_algorithm_t oid() const

References oid(), Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_192, Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_256, Botan::XMSS_WOTS_Parameters::WOTSP_SHA2_512, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_192, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_256_256, Botan::XMSS_WOTS_Parameters::WOTSP_SHAKE_512, XMSS_SHA2_10_192, XMSS_SHA2_10_256, XMSS_SHA2_10_512, XMSS_SHA2_16_192, XMSS_SHA2_16_256, XMSS_SHA2_16_512, XMSS_SHA2_20_192, XMSS_SHA2_20_256, XMSS_SHA2_20_512, XMSS_SHAKE256_10_192, XMSS_SHAKE256_10_256, XMSS_SHAKE256_16_192, XMSS_SHAKE256_16_256, XMSS_SHAKE256_20_192, XMSS_SHAKE256_20_256, XMSS_SHAKE_10_256, XMSS_SHAKE_10_512, XMSS_SHAKE_16_256, XMSS_SHAKE_16_512, XMSS_SHAKE_20_256, and XMSS_SHAKE_20_512.

Member Function Documentation

◆ element_size()

size_t Botan::XMSS_Parameters::element_size ( ) const
inline

Retrieves the uniform length of a message, and the size of each node. This correlates to XMSS parameter "n" defined in [1].

Returns
element length in bytes.

Definition at line 196 of file xmss_parameters.h.

196{ return m_element_size; }

Referenced by Botan::XMSS_Common_Ops::randomize_tree_hash(), Botan::XMSS_Signature_Operation::signature_length(), Botan::XMSS_PrivateKey::XMSS_PrivateKey(), Botan::XMSS_PublicKey::XMSS_PublicKey(), and Botan::XMSS_Signature::XMSS_Signature().

◆ estimated_strength()

size_t Botan::XMSS_Parameters::estimated_strength ( ) const
inline

Returns the estimated pre-quantum security level of the chosen algorithm.

Definition at line 239 of file xmss_parameters.h.

240 {
241 return m_strength;
242 }

◆ hash_function_name()

const std::string Botan::XMSS_Parameters::hash_function_name ( ) const
inline

Definition at line 184 of file xmss_parameters.h.

185 {
186 return m_hash_name;
187 }

Referenced by Botan::XMSS_Hash::XMSS_Hash().

◆ hash_id_size()

size_t Botan::XMSS_Parameters::hash_id_size ( ) const
inline

Retrieves the length of the hash identifier (domain separator) in bytes. See definition of toByte() in RFC 8391 Section 2.4 and the concrete definitions of hash functions in Section 5.1 where this parameter is always equal to the output length of the underlying hash primitive. Also see NIST SP.800-208 where instantiations utilizing truncated hashes use shorter hash IDs.

Definition at line 206 of file xmss_parameters.h.

206{ return m_hash_id_size; }

◆ len()

size_t Botan::XMSS_Parameters::len ( ) const
inline

Definition at line 226 of file xmss_parameters.h.

226{ return m_len; }

Referenced by Botan::XMSS_Common_Ops::create_l_tree(), and Botan::XMSS_Signature::XMSS_Signature().

◆ name()

const std::string Botan::XMSS_Parameters::name ( ) const
inline
Returns
XMSS registry name for the chosen parameter set.

Definition at line 179 of file xmss_parameters.h.

180 {
181 return m_name;
182 }

◆ oid()

xmss_algorithm_t Botan::XMSS_Parameters::oid ( ) const
inline

◆ operator==()

bool Botan::XMSS_Parameters::operator== ( const XMSS_Parameters p) const
inline

Definition at line 262 of file xmss_parameters.h.

263 {
264 return m_oid == p.m_oid;
265 }

◆ ots_oid()

XMSS_WOTS_Parameters::ots_algorithm_t Botan::XMSS_Parameters::ots_oid ( ) const
inline

Definition at line 230 of file xmss_parameters.h.

231 {
232 return m_wots_oid;
233 }

◆ raw_legacy_private_key_size()

size_t Botan::XMSS_Parameters::raw_legacy_private_key_size ( ) const
inline

Definition at line 249 of file xmss_parameters.h.

250 {
251 return raw_public_key_size() +
252 sizeof(uint32_t) +
253 2 * element_size();
254 }
size_t raw_public_key_size() const
size_t element_size() const

◆ raw_private_key_size()

size_t Botan::XMSS_Parameters::raw_private_key_size ( ) const
inline

Definition at line 256 of file xmss_parameters.h.

257 {
259 + 1 /* identifier for WOTS+ key derivation method */;
260 }
size_t raw_legacy_private_key_size() const

◆ raw_public_key_size()

size_t Botan::XMSS_Parameters::raw_public_key_size ( ) const
inline

Definition at line 244 of file xmss_parameters.h.

245 {
246 return sizeof(uint32_t) + 2 * element_size();
247 }

Referenced by Botan::XMSS_PublicKey::XMSS_PublicKey().

◆ total_number_of_signatures()

size_t Botan::XMSS_Parameters::total_number_of_signatures ( ) const
inline
Returns
total number of signatures allowed for this XMSS instance

Definition at line 216 of file xmss_parameters.h.

216{ return size_t(1) << tree_height(); }
size_t tree_height() const

Referenced by Botan::XMSS_Signature::XMSS_Signature().

◆ tree_height()

size_t Botan::XMSS_Parameters::tree_height ( ) const
inline
Returns
The height (number of levels - 1) of the tree

Definition at line 211 of file xmss_parameters.h.

211{ return m_tree_height; }

Referenced by Botan::XMSS_Signature::XMSS_Signature().

◆ wots_parameter()

size_t Botan::XMSS_Parameters::wots_parameter ( ) const
inline

The Winternitz parameter.

Returns
numeric base used for internal representation of data.

Definition at line 224 of file xmss_parameters.h.

224{ return m_w; }

◆ xmss_id_from_string()

XMSS_Parameters::xmss_algorithm_t Botan::XMSS_Parameters::xmss_id_from_string ( std::string_view  algo_name)
static

Definition at line 20 of file xmss_parameters.cpp.

21 {
22 if(param_set == "XMSS-SHA2_10_256")
23 { return XMSS_SHA2_10_256; }
24 if(param_set == "XMSS-SHA2_16_256")
25 { return XMSS_SHA2_16_256; }
26 if(param_set == "XMSS-SHA2_20_256")
27 { return XMSS_SHA2_20_256; }
28 if(param_set == "XMSS-SHA2_10_512")
29 { return XMSS_SHA2_10_512; }
30 if(param_set == "XMSS-SHA2_16_512")
31 { return XMSS_SHA2_16_512; }
32 if(param_set == "XMSS-SHA2_20_512")
33 { return XMSS_SHA2_20_512; }
34 if(param_set == "XMSS-SHAKE_10_256")
35 { return XMSS_SHAKE_10_256; }
36 if(param_set == "XMSS-SHAKE_16_256")
37 { return XMSS_SHAKE_16_256; }
38 if(param_set == "XMSS-SHAKE_20_256")
39 { return XMSS_SHAKE_20_256; }
40 if(param_set == "XMSS-SHAKE_10_512")
41 { return XMSS_SHAKE_10_512; }
42 if(param_set == "XMSS-SHAKE_16_512")
43 { return XMSS_SHAKE_16_512; }
44 if(param_set == "XMSS-SHAKE_20_512")
45 { return XMSS_SHAKE_20_512; }
46 if(param_set == "XMSS-SHA2_10_192")
47 { return XMSS_SHA2_10_192; }
48 if(param_set == "XMSS-SHA2_16_192")
49 { return XMSS_SHA2_16_192; }
50 if(param_set == "XMSS-SHA2_20_192")
51 { return XMSS_SHA2_20_192; }
52 if(param_set == "XMSS-SHAKE256_10_256")
53 { return XMSS_SHAKE256_10_256; }
54 if(param_set == "XMSS-SHAKE256_16_256")
55 { return XMSS_SHAKE256_16_256; }
56 if(param_set == "XMSS-SHAKE256_20_256")
57 { return XMSS_SHAKE256_20_256; }
58 if(param_set == "XMSS-SHAKE256_10_192")
59 { return XMSS_SHAKE256_10_192; }
60 if(param_set == "XMSS-SHAKE256_16_192")
61 { return XMSS_SHAKE256_16_192; }
62 if(param_set == "XMSS-SHAKE256_20_192")
63 { return XMSS_SHAKE256_20_192; }
64
65 throw Lookup_Error(fmt("Unknown XMSS algorithm param '{}'", param_set));
66 }
std::string fmt(std::string_view format, const T &... args)
Definition: fmt.h:60

References Botan::fmt(), XMSS_SHA2_10_192, XMSS_SHA2_10_256, XMSS_SHA2_10_512, XMSS_SHA2_16_192, XMSS_SHA2_16_256, XMSS_SHA2_16_512, XMSS_SHA2_20_192, XMSS_SHA2_20_256, XMSS_SHA2_20_512, XMSS_SHAKE256_10_192, XMSS_SHAKE256_10_256, XMSS_SHAKE256_16_192, XMSS_SHAKE256_16_256, XMSS_SHAKE256_20_192, XMSS_SHAKE256_20_256, XMSS_SHAKE_10_256, XMSS_SHAKE_10_512, XMSS_SHAKE_16_256, XMSS_SHAKE_16_512, XMSS_SHAKE_20_256, and XMSS_SHAKE_20_512.


The documentation for this class was generated from the following files: